In the time since I've been running this, I saw the first thing that might be seen as a problem: dnsblog timing out on one of the DNSBL lookups:
May 16 21:51:44 harrier postfix/postscreen[29502]: CONNECT from [208.66.205.36]:53814 to [207.223.116.211]:25 May 16 21:51:44 harrier postfix/dnsblog[29507]: addr 208.66.205.36 listed by domain list.dnswl.org as 127.0.15.0 This gives it a -2 so far, but when the greet pause is finished, postscreen proceeds anyway: May 16 21:51:51 harrier postfix/postscreen[29502]: NOQUEUE: reject: RCPT from [208.66.205.36]:53814: 450 4.3.2 Service currently unavailable; from=<newslet...@pacmail.em.marketinghq.net>, to=<mungedu...@example.net>, proto=ESMTP, helo=<smtp36.elabs8.com> May 16 21:51:54 harrier postfix/postscreen[29502]: warning: dnsblog reply timeout 10s for psbl.surriel.com May 16 21:51:56 harrier postfix/postscreen[29502]: PASS NEW [208.66.205.36]:53814 May 16 21:51:56 harrier postfix/postscreen[29502]: DISCONNECT [208.66.205.36]:53814 To avoid this, I guess I'd need postscreen_greet_wait to be longer than the 10-second dnsblog reply timeout? (Is that reply timeout configurable?) -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
